Malicious hackers use the PDF file format’s extended features against users by modifying PDF files in order to use them as attack tools that exploit vulnerabilities in the Adobe products that read the files.
According to Symantec’s Internet Security Threat Report, researchers at the company estimated that 49 percent of all web-based attacks in 2009 used infected PDF files to propagate.
McAfee says that in 2007 and 2008, only 2 percent of all malware exploited vulnerabilities in Adobe Reader or Adobe Acrobat.
In 2009, the percent of malware exploiting Reader and Acrobat vulnerabilities jumped to 17 percent.
And in the first quarter of 2010, McAfee researchers say the number jumped up to 28 percent.
Meanwhile, security researchers at F-Secure said that among the 900 targeted attacks it found during the first two months of 2010, 61 percent exploited Reader vulnerabilities.
Last month Trend Micro highlighted one example of how a recent malicious PDF worked, alerting users that hackers embed malicious objects that exploit Adobe buffer overflow and TIFF vulnerabilities.
That exploit then allows the Trojan to connect to malicious URLs in order to download more damaging files on the machine to continue the attack.
Meanwhile, numerous security researchers last month warned that crooks are taking advantage of a design flaw in the "/Launch" feature in PDFs to develop new attacks.
The feature allows PDFs to execute code using the "/Launch" command. Hackers can create a malicious PDF that launches CMD.EXE in order to create malicious scripts that attack the system.
You can help mitigate the risk of PDF attacks through the following steps:

• Keep Systems Patched
• Harden Configurations To Disallow Unnecessary Features
• Keep Security Systems Updated
• Train The Users
Keep Systems Patched

Many PDF attacks take advantage of vulnerabilities for which Adobe has already released patches, including the ones Trend Micro warned about.
Harden Configurations to Disallow Unnecessary Features

Some vulnerabilities, such as the "/Launch" design flaw, still remain unpatched. However, partners can help customers mitigate risk by configuring systems to block such features for better protection.
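A triage check that can run on inbound PDFs before they reach a reader, added here as an example and not taken from the article or from any vendor it names: it counts the feature names discussed above ("/Launch" plus the automatic-action hooks usually paired with it), resolving #xx escapes in PDF names and inflating FlateDecode streams so a name cannot be hidden from a plain text search. The sample PDF is constructed inline; its "placeholder.exe" path and the feature list are assumptions, not values from the article.

```python
import re
import zlib

# PDF features worth flagging before a file reaches an unhardened reader.
# /Launch is the design flaw discussed in the article; the others are the
# automatic-execution hooks most often paired with it (assumed list).
RISKY_NAMES = ("/Launch", "/OpenAction", "/AA", "/JavaScript", "/JS", "/EmbeddedFile")

def normalize_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes in name objects so '/L#61unch' reads as '/Launch'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every zlib (FlateDecode) stream so names
    stored inside compressed objects are visible to the scan."""
    parts = [data]
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # image, font or otherwise non-zlib stream: nothing to inflate
    return b"\n".join(parts)

def scan_pdf(data: bytes) -> dict:
    """Return {feature name: occurrence count} over the normalized, inflated file."""
    text = normalize_names(inflate_streams(data))
    hits = {}
    for name in RISKY_NAMES:
        n = len(re.findall(re.escape(name.encode()) + rb"(?![A-Za-z])", text))
        if n:
            hits[name] = n
    return hits

def build_sample() -> bytes:
    """Constructed sample (not a real-world file): a minimal PDF whose open action
    is a hex-escaped /Launch and whose compressed stream carries a /JavaScript action."""
    hidden = zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
    header = (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /Type /Action /S /L#61unch /F (placeholder.exe) >> endobj\n"
        b"4 0 obj << /Length " + str(len(hidden)).encode() + b" /Filter /FlateDecode >>\n"
    )
    return header + b"stream\n" + hidden + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"

if __name__ == "__main__":
    for name, count in sorted(scan_pdf(build_sample()).items()):
        print(f"{name}: {count}")
```

A hit is a reason to quarantine or inspect the file, not proof of malice: legitimate forms use /JavaScript and /OpenAction, so the check pairs with, rather than replaces, a hardened reader configuration.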
Keep Security Systems Updated

Always make sure your customers’ threat protection systems are continuously updated; security vendors try to stay on top of the most recent PDF threats.
Train the Users

Many PDF attacks can be stopped dead in their tracks if users simply choose not to open errant spam attachments.